August 16, 2022

Fortify Security Team

Title: Hackers Attack UK Water Supplier but Extort Wrong Victim

Date Published: August 16, 2022

https://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-victim/

Excerpt: “South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 consumers daily, has issued a statement confirming IT disruption from a cyberattack.  As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn’t impact the supply of safe water to its customers or those of its subsidiaries, Cambridge Water and South Staffs Water.  “This is thanks to the robust systems and controls over water supply and quality we have in place at all times, as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis,” explains the statement published on the company’s site.”

Title: Argentina’s Judiciary of Córdoba hit by PLAY ransomware attack

Date Published: August 15, 2022

https://www.bleepingcomputer.com/news/security/argentinas-judiciary-of-c-rdoba-hit-by-play-ransomware-attack/

Excerpt: “Argentina’s Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new ‘Play’ ransomware operation.  The attack occurred Saturday, August 13th, causing the Judiciary to shut down IT systems and their online portal. The outage is also forcing the use of pen and paper for submitting official documents.  In a ‘Cyberattack Contingency Plan’ shared by Cadena 3, the Judiciary confirmed that it was hit by ransomware and engaged with Microsoft, Cisco, Trend Micro, and local specialists to investigate the attack.”

Title: Monero Hard Fork Makes Hackers’ Favorite Coin Even More Private

Date Published: August 15, 2022

https://www.bleepingcomputer.com/news/security/monero-hard-fork-makes-hackers-favorite-coin-even-more-private/

Excerpt: “Monero, the privacy-oriented decentralized cryptocurrency project, underwent a planned hard fork event on Saturday, introducing new features to boost its privacy and security.  The network upgrade was delayed from July 13, when it was first planned for release, due to multi-sig security fixes, critical security patches, and more time needed to resolve hardware wallet incompatibility issues.  Completed at block 2,688,888, the hard fork now features a larger ring size (from 11 to 16), an improved ‘Bulletproofs’ algorithm for faster transactions, a revamped multisig mechanism, and performance upgrades that reduce wallet sync times by 30-40%.”

Title: Russia-linked Gamaredon APT Continues to Target Ukraine

Date Published: August 16, 2022

https://securityaffairs.co/wordpress/134438/apt/gamaredon-continues-target-ukraine.html

Excerpt: “Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns.  The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign.  Symantec and TrendMicro first discovered the Gamaredon group in 2015, but evidence of its activities has been dated back to 2013. The group targeted government and military organizations in Ukraine.  The recent wave of attacks began on July 15 and was ongoing as recently as August 8, 2022.”

Title: Phone Numbers of 1,900 Signal Users Exposed as a Result of Twilio Security Breach

Date Published: August 16, 2022

https://securityaffairs.co/wordpress/134428/mobile-2/twilio-hack-signal-impacy.html

Excerpt: “Communication company Twilio provides Signal with phone number verification services, and a recent security breach it has suffered has also impacted some users of the popular instant-messaging app.  Twilio hackers could have attempted to re-register the number of Signal users to another device or learned that their number was registered to Signal.  “For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio. 1,900 users is a very small percentage of Signal’s total users, meaning that most were not affected.” reads the advisory published by Signal.”

Title: Microsoft Disrupts SEABORGIUM’s Ongoing Phishing Operations

Date Published: August 15, 2022

https://securityaffairs.co/wordpress/134414/apt/seaborgiums-targets-nato.html

Excerpt: “The Microsoft Threat Intelligence Center (MSTIC) has disrupted activity by SEABORGIUM (aka ColdRiver, TA446), a Russia-linked threat actor that is behind a persistent hacking campaign targeting people and organizations in NATO countries.  SEABORGIUM has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. The APT primarily targets NATO countries, but experts also observed campaigns targeting the Baltics, Nordics, and Eastern Europe regions, including Ukraine.”

Title: Vulnerability Wholesaler Cuts Disclosure Times Over Poor-quality Patches

Date Published: August 16, 2022

https://www.zdnet.com/article/vulnerability-wholesaler-cuts-disclosure-times-over-poor-quality-patches/

Excerpt: “The Zero Day Initiative (ZDI), a vulnerability wholesaler, has reduced its disclosure timelines for incomplete patches in a bid to push vendors into improving the quality of their security updates.  ZDI, a brand owned by security firm Trend Micro, is making the move because of what it says is a “disturbing” decrease in patch quality and a rise in vague communications about patches.   The impact on enterprises is that they can’t accurately estimate the risk to their systems and they’re wasting money on applying incomplete patches that are re-released down the track and need re-applying a second time around.  ZDI’s standard disclosure timeline gives software vendors 120 days to release a patch, but it’s now introducing shorter timelines for “failed patches” that it will be monitoring.  “Moving forward, we will be tracking failed patches more closely and will make future policy adjustments based on the data we collect,” says Brian Gorenc, senior director of ZDI.”

Title: Hackers Are Finding Ways Around Multi-factor Authentication. Here’s What to Watch For

Date Published: August 16, 2022

https://www.zdnet.com/article/hackers-are-finding-ways-around-multi-factor-authentication-heres-what-to-watch-for/

Excerpt: “Using MFA protects against the vast majority of attempted account takeovers, but recently there’s been a surge in cyber attacks which aim to dodge past multi-factor authentication security. According to Microsoft, in just one campaign 10,000 organisations have been targeted in this way during the last year.  One option for hackers who want to get around MFA is to use a so-called adversary-in-the-middle (AiTM) attack which combines a phishing attack with a proxy server between the victim and the website they’re trying to log in to. This allows the attackers to steal the password and session cookie which provides the additional level of authentication they can exploit – in this case to steal email. The user simply thinks they have logged into their account as usual.”

Title: New Attack Weaponizes PLCs to Hack Enterprise and OT Networks

Date Published: August 16, 2022

https://www.infosecurity-magazine.com/news/new-attack-weaponizes-plcs-to-hack/

Excerpt: “A new attack can weaponize programmable logic controllers (PLCs) to exploit engineering workstations and subsequently invade OT and enterprise networks.   The attack, which targets engineers working on industrial networks, configuring and troubleshooting PLCs, was developed by the Team82 group by Claroty, who called it the “Evil PLC Attack.”  According to the security experts, the research resulted in working proof-of-concept exploits against seven market-leading automation companies: Rockwell Automation, Schneider Electric, GE, B&R, XINJE, OVARRO and Emerson, respectively.”

Title: Dutch Authorities Arrest Tornado Cash Developer Following US Sanctions on Crypto Mixer Firm

Date Published: August 15, 2022

https://www.infosecurity-magazine.com/news/dutch-authorities-arrest-tornado/

Excerpt: “The Dutch Fiscal Information and Investigation Service (FIOD) said it arrested a 29-year-old man in Amsterdam on August 10 in connection with the recent U.S. Treasury sanctions on decentralized Ethereum mixing service Tornado Cash.  The unnamed individual is suspected of “involvement in concealing criminal financial flows” and “facilitating money laundering through the mixing of cryptocurrencies” using Tornado Cash.  “Multiple arrests are not ruled out,” FIOD wrote on its website. “Also in the cryptocurrency domain, the FIOD stands for a safe financial Netherlands and investigates with effect and impact. Today the suspect is brought before the examining judge.”  According to the press release, the Financial Advanced Cyber Team (FACT) of the FIOD started a criminal investigation against Tornado Cash last June.”

Title: North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Date Published: September 8, 2022 https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-take-aim-at-us-energy-providers/ Excerpt: “The North Korean APT group 'Lazarus' (APT38)...